Also, I get the feeling a lot of instruction on topics like SQL injection is just incorrect or not even best practice anymore. And it keeps being parroted. Like recommending input sanitization. It can be part of the solution, and one should probably consider what to accept on any input. But it is not a full or even efficient solution, especially when it is often implemented incorrectly or imperfectly...
So it is a complex field and there are always more vectors like this.